Daily NCSC-FI news followup 2021-02-24

Vulnerabilities in VMware products – update immediately

www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti VMware has released updates that should be installed immediately. The vulnerabilities allow, for example, remote command execution and arbitrary code execution. The critical vulnerability CVE-2021-21972 affects the VMware vCenter Server management platform and allows remote command execution. The severe vulnerability CVE-2021-21974 concerns a buffer overflow in ESXi OpenSLP.

Google funds Linux maintainers to boost Linux kernel security

www.bleepingcomputer.com/news/security/google-funds-linux-maintainers-to-boost-linux-kernel-security/ Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers’ efforts as full-time maintainers exclusively focused on improving Linux security.

CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance

us-cert.cisa.gov/ncas/current-activity/2021/02/24/cisa-releases-joint-cybersecurity-advisory-exploitation-accellion The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance.

LazyScripter: From Empire to double RAT

blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat/ Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group. Also:

www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/. Also:

resources.malwarebytes.com/files/2021/02/LazyScripter.pdf

NASA and the FAA were also breached by the SolarWinds hackers

www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/ NASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. The two attacks are part of a broader espionage effort targeting and compromising multiple US government agencies over the last year.

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn

www.wired.com/story/russia-gru-hackers-us-grid/ A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos. On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos.

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

thehackernews.com/2021/02/online-trackers-increasingly-switching.html With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.

Heavily used Node.js package has a code injection vulnerability

www.bleepingcomputer.com/news/security/heavily-used-nodejs-package-has-a-code-injection-vulnerability/ A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month. Tracked as CVE-2021-21315, the bug impacts the “systeminformation” npm component which gets about 800,000 weekly downloads and has scored close to 34 million downloads to date since its inception.

Vietnamese Activists Targeted by Notorious Hacking Group

www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/ Hacking group Ocean Lotus, which has been suspected of having links with the Vietnamese government, is behind a sustained campaign of spyware attacks on the country’s human rights activists, a new investigation by Amnesty Tech reveals, underscoring an intensifying assault on freedom of expression. Also:

www.bleepingcomputer.com/news/security/apt32-state-hackers-target-human-rights-defenders-with-spyware/. Also:

www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
